Currently supports:
* Show cookie consent layer
* Create footer link to privacy statement (internal, or also a staticpage allowed)
* Allow to enforce visitors need to confirm a checkbox when submitting comments
* Shows information about what s9y does in regards of DSGVO/GPDR
* Shows information about what s9y plugins do in regard of DSGVO/GPDR (new 'legal' property bag)
TODO:
* See todo.txt file.
* Most important: Go through EVERY plugin and add the legal property bag to any plugin that operates on user data.
* Allow to prevent session_start on frontend, allow to patch REMOTE_ADDR
* Warnings when plugin is not installed
+++++ HELP NEEDED +++++
"api.recaptcha.net" and friends seem to be gone
for good. The code didn't use those GLOBALS either,
AFAICS.
Signed-off-by: Thomas Hochstein <thh@inter.net>
Try to auto-detect if site is served via HTTPS or HTTP. The original version requests the captcha via HTTP. So if the site is served via HTTPS, the browser will block this attempt and no captcha will be shown on the site.
It is not a perfect solution (a better one would be to let the user configure it), since it would not detect the correct value if the webserver is behind a proxy (the proxy serves the site via HTTPS and the webserver via HTTP to the proxy). But this solution will work in most of the cases until a serendipity developer can add an extra configuration option.